Simulate security activity
Once you have installed Sqreen on your application and pushed it to production, you can easily simulate security activity on your application.

Let's perform a simple security scan of your application

A security scan is usually the first step of a more sophisticated attack. The Arachni tool will help you perform one.

Using the Arachni Docker container is the simplest way to run it. The following command scans the URI you provide and writes the report to the file report.afr.

Warning: scan your own infrastructures only

A security scan tests hundreds of known vulnerabilities against your application, and thus sends many requests to it. Do not perform security scans on applications that do not belong to you.

Make sure to replace YOUR_URI with the URI of your application:

$ docker run --rm -ti -v /tmp/:/tmp/ ahannigan/docker-arachni \
                                     ./bin/arachni \
                                     --audit-links \
                                     --audit-forms \
                                     --audit-headers \
                                     --report-save-path /tmp/report.afr \
                                     YOUR_URI

Receiving your Sqreen notification

Once the scan is over, Sqreen will quickly detect the scan you triggered and notify you by email and by Slack (if you previously set up the Slack integration).

The generated report uses the AFR format, Arachni's internal format. To convert it to HTML or PDF, use the following command (shown here for HTML):

$ docker run --rm -ti -v /tmp/:/tmp/ ahannigan/docker-arachni \
                                     ./bin/arachni_reporter \
                                     /tmp/report.afr \
                                     --reporter=html:outfile=/tmp/report.html.zip
$ unzip /tmp/report.html.zip

Then open the index.html file from the extracted archive in your browser to view the report generated by Arachni.
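Once the report is in a machine-readable form, triaging the findings can be scripted instead of read off the HTML page. The following is an added example, not part of the Sqreen or Arachni documentation: it assumes the report was produced with arachni_reporter's json reporter (--reporter=json:outfile=/tmp/report.json) and that each entry of its issues array carries name, severity and vector fields, and it runs on a constructed sample in place of a real report.

```python
import json
from collections import Counter

# Severity labels as Arachni uses them, ranked most severe first.
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "informational": 3}

# Constructed sample shaped like the "issues" array of an Arachni JSON report.
# The field names (issues, name, severity, vector.url/method/affected_input_name)
# are an assumption about the json reporter's layout, not output of a real scan.
SAMPLE_REPORT = json.dumps({
    "issues": [
        {"name": "SQL Injection", "severity": "high",
         "vector": {"url": "http://app.example/login", "method": "post",
                    "affected_input_name": "user"}},
        {"name": "Cross-Site Scripting (XSS)", "severity": "high",
         "vector": {"url": "http://app.example/search", "method": "get",
                    "affected_input_name": "q"}},
        {"name": "Missing 'X-Frame-Options' header", "severity": "low",
         "vector": {"url": "http://app.example/", "method": "get"}},
        {"name": "Interesting response", "severity": "informational",
         "vector": {"url": "http://app.example/robots.txt", "method": "get"}},
    ]
})


def load_issues(report_text):
    """Parse the report text and return its issues (empty if the array is absent)."""
    return json.loads(report_text).get("issues", [])


def count_by_severity(issues):
    """Number of findings per severity level, e.g. {'high': 2, 'low': 1}."""
    return dict(Counter(i.get("severity", "unknown").lower() for i in issues))


def triage(issues, min_severity="medium"):
    """Findings at or above min_severity, most severe first, as
    (severity, name, METHOD, url, affected input) tuples ready for a ticket."""
    cutoff = SEVERITY_RANK[min_severity]
    selected = [i for i in issues
                if SEVERITY_RANK.get(i.get("severity", "").lower(), 99) <= cutoff]
    selected.sort(key=lambda i: SEVERITY_RANK[i["severity"].lower()])
    return [(i["severity"], i["name"],
             i.get("vector", {}).get("method", "?").upper(),
             i.get("vector", {}).get("url", "?"),
             i.get("vector", {}).get("affected_input_name"))
            for i in selected]


if __name__ == "__main__":
    found = load_issues(SAMPLE_REPORT)
    print(count_by_severity(found))
    for row in triage(found):
        print(*row)
```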